Optimal Constructions for Chain-based Cryptographic Enforcement of Information Flow Policies

TL;DR

This paper presents an optimal polynomial-time algorithm for constructing chain-based cryptographic enforcement schemes that minimize the number of keys needed for enforcing information flow policies without public information.

Contribution

It introduces a polynomial-time method to select chain-based schemes with minimal keys and analyzes the secrets required per user and overall.

Findings

Polynomial-time algorithm for optimal chain-based schemes

Minimum number of keys for enforcement achieved

Upper bound on secrets per user established

Abstract

The simple security property in an information flow policy can be enforced by encrypting data objects and distributing an appropriate secret to each user. A user derives a suitable decryption key from the secret and publicly available information. A chain-based enforcement scheme provides an alternative method of cryptographic enforcement that does not require any public information, the trade-off being that a user may require more than one secret. For a given information flow policy, there will be many different possible chain-based enforcement schemes. In this paper, we provide a polynomial-time algorithm for selecting a chain-based scheme which uses the minimum possible number of keys. We also compute the number of secrets that will be required and establish an upper bound on the number of secrets required by any user.